Company Policy for the Protection of Personal Data to Protect the Fundamental Rights and Freedoms of Natural Persons Consulted on This Website Pursuant to Article 13 of Regulation (EU) 2016/679.
- PURPOSE
- DESCRIPTION
- SCOPE OF APPLICATION
- INFORMATION SECURITY POLICY
- RESPONSIBILITIES OF THE INFORMATION SECURITY POLICY
1. PURPOSE
The purpose of this document is to describe the general principles of security and confidentiality of information and personal data defined by the Data Controller and ensure that all parties involved in the processing of data are provided with an efficient and secure management system of procedures and processes for the security of personal data in compliance with the European Regulation 2016/679, henceforth “GDPR”.
2. DESCRIPTION
bluAlghero-Sardinia intends to pursue objectives of security of information, personal data, the technological, physical, logical and organisational structure and their management. This means achieving and maintaining a secure information management system through compliance with the principles set out in Articles 5 and 6 of the GDPR:
- Lawfulness, fairness, transparency;
- Guaranteed with respect to the management and collection of data for contractual, specified, explicit and legitimate purposes only, and subsequently processed in a way that is not incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of “data minimisation”);
- Accurate and, where necessary, kept up to date; all reasonable steps must be taken to delete or rectify in a timely manner data that are inaccurate in relation to the purposes for which they are processed (“accuracy”);
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed; and
- Processed in such a way as to ensure appropriate security of personal data, including protection, by appropriate technical and organisational measures, against unauthorised or unlawful processing and accidental loss, destruction or damage (principle of “integrity and confidentiality”);
- Safeguarding the consistency of information from unauthorised modification
- Ensure the reliability of information source channels;
- Ensure the protection and control of personal data.
3. SCOPE OF APPLICATION
The data protection policy applies to all processes and resources involved in the design, implementation, commissioning and ongoing delivery of services.
The following describes the products and services provided and explains how they are delivered.
Products and services provided:
Web platform for promoting the territory and offering tourist booking and assistance services to tourists. Marketing campaigns through affiliate programmes. Advertisements for accommodation facilities and companies.
4. INFORMATION SECURITY POLICY
- The verification of the data that will be processed with identification of the various types of data and the categories to which they belong. The verification of the purpose of each processing operation and the legal basis on which each of them is based, also in order to provide adequate information to the data subjects, as required by Articles 13 and 14 of the GDPR;
- The preparation of the notice(s) (or its updating) that must be provided to the data subjects in compliance with all the elements indicated in Articles 13 and 14 of the GDPR. In particular, data subjects must be made aware of the rights that the Regulation grants them (right of access, right to be forgotten, right to rectification, right to restriction and opposition to processing, right to data portability); the information for data subjects must be provided by the client if the software or services used provide for the collection of data;
- The establishment of a procedure to be adopted in the event of any data breaches (the so-called Data Breach referred to in Articles 33 and 34 of the GDPR), e.g. upon the occurrence of a disclosure (whether intentional or unintentional), destruction, loss, modification or unauthorised access to the personal data being processed. In fact, the GDPR provides for specific requirements in the event that such a breach occurs, due to a cyber attack, unauthorised access or an accident. In these cases, the GDPR imposes, as set out in Article 33, an obligation on the data controller to notify the supervisory authority of the breach within 72 hours (or in any case without delay). If the breach that has occurred also gives rise to the presumption of a high and present danger to the rights and freedoms of the data subjects, the latter must also be directly informed without delay of what has happened;
- In Article 35 of the GDPR, there is an obligation on the data controller (and with the possibility of consulting the Data Protection Officer if one is appointed) to carry out a data protection impact assessment in the event that a type of processing, also taking into account the nature, subject-matter, context and purposes of the processing, presents a high risk to the rights and freedoms of natural persons. It should be noted that the GDPR does not lay down an actual obligation to carry out an impact assessment, but it should be recalled that the Regulation lays down a general obligation for the data controller to implement appropriate measures to adequately manage the risks to the rights and freedoms of data subjects that may arise from the processing of their data. It will therefore be appropriate to carry out an impact assessment even when the data controller is not under a legal obligation to do so.
- Articles 37, 38 and 39 introduce another requirement for the data controller, which consists in the appointment of a Data Protection Officer. This appointment, as provided for in Art. 37 of the GDPR, is mandatory only in a number of cases, in particular, where the data processing is carried out by a public authority or a public body (with the exception of judicial authorities when exercising their functions); where the main activities carried out by the controller or processor consist of operations which, by virtue of their nature, their scope or their purposes, require regular and systematic monitoring of data subjects on a large scale; and finally, where the main activities carried out consist of the processing, on a large scale, of sensitive data or data relating to criminal convictions and offences involving the unlawful processing of personal data. As also suggested by the Article 29 Working Party, the advisory and independent body composed of a representative of the data protection authorities designated by each Member State that drew up the Guidelines laying down rules on the appointment of the DPO, when the Regulation does not specifically require the appointment of a DPO, this figure may still be appointed by the data controller or processor on a voluntary basis.
5. RESPONSIBILITY FOR INFORMATION SECURITY POLICY
The ‘data controller’ and ‘controller’ are responsible for the secure information management system, consistent with the evolution of the business and market environment, evaluating possible actions to be taken in the face of events such as:
- Significant business developments;
- New threats compared to those considered in the risk analysis activity;
- Significant security incidents;
- Changes in the regulatory or legislative environment regarding the secure handling of information.
Consent to the Processing of Personal Data
By submitting the request form, the user consents to the processing of personal data by BluAlghero-Sardinia.com, in accordance with Law 196/2003 and its subsequent amendments and EU Regulation 679/2016 and declares to have read the information on the processing of personal data.
Personal data are collected only if you decide to provide them, for example, to proceed with a booking or for other services.
Your data is only processed internally.
Any personal information you provide when using this website will be used in accordance with the data protection act.
Data protection declaration
We will never provide your personal information to any company outside BluAlghero-Sardinia.com. However, we may send you information about our services, including exclusive offers, promotions and special events. You can revoke your consent at any time for future
Links to other websites
This website includes links to other websites. We are not responsible for the information, material, products or services contained and accessible on third-party sites.
External sites may have different security methods and privacy policies than those described above over which we have no control.
CHARACTERISTICS ON THE USE OF PERSONAL DATA
Personal data, or personal information, is information about any individual from which we can infer his or her identity.
We collect a range of information relating to users who visit the blualghero-sardinia website. This personal information falls into the categories set out below.
Personal data: any information relating to an identified or identifiable natural person.
Identifying data: includes title, first name, surname, user name or other identifying data. If you communicate with us via email forms or social media, this category of data also includes the user name used on the social media used.
Contact data: includes billing address, shipping address, email address and telephone number.
Financial data: this includes information about the type of payment used.
Transaction Data: This includes information about payments made by and to the user and additional information about products and services purchased.
Technical data: this includes your internet protocol (IP) address, your login details, browser type and version, time zone and location, browser plug-ins and their versions, operating system, platform and any other technology that operates on the devices you use to access the site.
Usage data: this includes information about your use of our site and our products and services.
Tracking Data: includes information about you that we, or third parties, collect from cookies and tracking technologies and mobile device identification data.
Market and business data: this includes preferences regarding receipt of direct marketing communications from us and from third parties and any preferences related to communications.
We also collect, use and share Aggregate Data such as statistical and demographic data for any purpose. Aggregate Data may be derived from your Personal Data, although it is not considered Personal Data under the law because it does not reveal your identity, either directly or indirectly. For example, we may aggregate Usage Data to calculate the percentage of users accessing a specific Site feature. In order to offer better content and services, the blualghero-sardinia website uses Google Analytics 4.
However, if combining or linking the Aggregated Data with your Personal Data can directly or indirectly identify you, the combined data will be treated as Personal Data within the meaning of this Privacy Policy.
We do not collect Sensitive Data relating to you (this includes data revealing racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information as well as genetic and biometric data). Furthermore, we do not collect judicial data relating to the user.
Cookie Policy For Users Consulting This Website
Cookies are small pieces of data that are stored and used to improve your experience of using a website.
For example, they may temporarily remember your browsing preferences so that you don’t have to select your language each time, making subsequent visits more convenient and intuitive.
Or they can be used to do ‘anonymous surveys’ on how users navigate through the site, so that it can be improved from real data.
Cookies do not record any personal information about a user and any identifiable data will not be stored. If you wish to disable the use of cookies, you must customise your computer settings by setting the deletion of all cookies or by activating a warning message when cookies are stored. To proceed without changing the application of cookies, simply continue browsing.
Cookies are not viruses or programs
Cookies are not viruses or programs. Cookies are merely data saved in text form in the form “variable=value” (e.g.: “siteAccessDate=2014-01-20,14:23:15R43;”). This data can only be read by the site that generated it, and in many cases has an expiry date, after which the browser will automatically delete it.
Not all cookies are used for the same purpose: the different types of cookies used by this website are specified below.
Essential cookies
These cookies are essential in order to enable you to move around the site and make full use of its features. Without these cookies some services will not function properly.
Performance cookies
These cookies collect information about how users use a website, but do not store information that identifies a visitor. These cookies are only used to improve the functioning of the website.
By using the site you agree that such cookies may be stored on your device.
Functionality cookies
These cookies allow the site to remember choices you make (such as language or other special settings that may be available) and provide enhanced personalised functionality, and may also be used to deliver the services you have requested. By using the site you agree that such cookies may be stored on your device.
How to manage cookies on your PC
Each browser allows you to customise the way cookies are handled. Please consult the documentation of the browser you are using for more information.
Some browsers allow ‘anonymous browsing’ on websites, accepting cookies and then automatically deleting them at the end of the browsing session. For more information about ‘anonymous browsing’, please consult the documentation of the browser used.
Google Analytics
This website uses Google Analytics, a web analysis service provided by Google. Google Analytics uses cookies to enable the website to analyse how users use the site. The information generated by the cookie about your use of the website (including your anonymous IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
You can prevent Google from collecting a cookie generated by and linked to your use of this website (including your IP address) and processing this data by downloading and installing this browser plug-in: http://tools.google.com/dlpage/gaoptout?hl=en
WHAT KIND OF COOKIES DOES THIS WEBSITE USE?
This Website uses cookies commonly referred to as technical cookies or other similar tracking tools to perform activities strictly necessary to ensure the operation or provision of the Service.
Cookies allow the blualghero-sardinia website to function better and facilitate the online purchasing process. Other cookies collect information about how the user uses the site, for example which pages are visited most often, or if the user receives error messages from certain pages. These cookies do not collect any information by which you can be identified. All information collected by these cookies is aggregated and used to improve the operation of the site. There are also cookies that can be used to remember user choices (such as user name, language or geographic location) in order to provide not only better, but also personalised functionality. These cookies can also be used to remember user changes in font size, font usage and other customisable preferences. They can also be used to provide services requested by the user such as viewing a video or posting a comment on a blog. These cookies collect information about the user’s browsing habits in order to provide advertisements that are relevant to the user’s interests (compare Advertisements, Marketing and User Preferences in Communications above). Cookies referred to as “targeting cookies” or “advertising cookies” are linked to site functionality provided by other companies. When you browse the blualghero-sardinia site, your device or browser may install third party cookies, for example when you view embedded content or click on a link to a social network. However, we have no access to or control over the cookies used by these companies or third party sites. We suggest that the user consult the third party site for more information on its cookies and their management. Your browser can be set to reject or refuse cookies, or to notify you when a site attempts to install or access cookies. By disabling or refusing cookies, the user may be denied access to certain sections of the site, or may notice that these do not function properly.
- Technical cookies
These cookies are used to improve navigation and optimise the functioning of the website. They store service configurations so that you do not have to reconfigure them each time you visit this website.
- Analysis cookies
These are those which, processed by us or by third parties, allow us to quantify the number of users and thus perform statistical measurement and analysis of their use of the service offered. Consequently, your navigation on our website is analysed with the aim of improving the products or services we offer you.
- Third-party marketing/retargeting cookies
These allow us, after you have visited blualghero-sardinia, to show you advertising banners with the best offers in the locations you have previously searched for.
HOW TO MANAGE COOKIES ON YOUR BROWSER
You can allow, block or delete cookies installed on your device by configuring the options of the browser installed on your computer.
ACCEPTANCE OF COOKIES
If you continue browsing once you have been informed about the Cookie Policy, you accept the use of cookies by the website and applications. However, if you wish, you can change your cookie configuration at any time by setting your browser to accept or not accept the cookies it receives or to notify you when a server wants to save a cookie. Please be aware that if you block or do not accept the installation of cookies, you may not be able to access certain services or take full advantage of all that our websites and applications offer you. In addition to the use of our own cookies, we allow third parties to place and access cookies on your computer. Your consent to the use of cookies from these companies is linked to your browsing of this site. Thank you for accepting cookies, they help us to obtain more accurate data that allows us to improve our content and to identify you as a user in order to offer you personalised themes.
When you access this website or application for the first time, a window will open informing you about the use of cookies and where you can consult the “Cookie Policy”. If you consent to the use of cookies, continue browsing or click on a link, you accept our cookie policy and therefore their installation on your device or appliance.
HOW TO DISABLE/ENABLE COOKIES?
You can disable/enable cookies from your device through your internet browser. We have explained how you can manage cookies on your computer through some of the main internet browsers listed below. For information on how to manage cookies on your tablet and/or mobile phone please consult your documentation or online help files.
Google Chrome
- In the settings menu, select “Show advanced settings” at the bottom of the page
- Select the ‘settings content’ button in the privacy section
The section at the top of the page that appears next explains cookies and allows you to select the cookies you want. It also allows you to delete any cookies currently stored.
Mozilla Firefox
- In the tools menu, select “Options”
- Select the “Privacy” button in the “Options” folder
- From the drop-down menu, choose “History Settings”. This will show you the options for cookies and you can choose to enable or disable them by clicking on the box.
Internet Explorer
- In the menu bar, select “Internet Options”
- Click on the “Privacy” button
- You will see a privacy settings slider that has six settings that allow you to control the number of cookies that will be placed: Block All Cookies, High, Medium High, Medium (default level), Low, and Accept All Cookies.
Safari browser
- In the Settings menu, select the ‘Preferences’ option
- Open the Privacy section
- Select the option you want from the “Block cookies” section
All other browsers
For information on how to manage cookies through other browsers, please consult your documentation or online help files.
How to disable/enable third-party cookies?
Third party cookies are not placed by us. We would therefore suggest that you visit the website of these third parties for information about the cookies they place and how to manage them.
For more information on cookies and their general functions, please visit an informative website such as www.allaboutcookies.org.
Third Party Tracking Tools
Traffic optimisation and distribution
Cloudflare (Cloudflare Inc.)
Displaying content from external platforms
Google Maps Widget (Google Inc.)
YouTube Video Widget (Google Ireland Limited)
Tag management
Google Tag Manager
Statistics
Google Analytics 4
Displaying content from external platforms
Font Awesome
Personal Data: Usage Data; Tracking Tools
Access to accounts on social websites
Facebook, Instagram.
Permissions: Email; Device information; Tracking Tool
Interaction with social networks and external platforms
Like button and social widgets of Facebook and Instagram (Facebook, Instagram)
Affiliation with external websites for commercial purposes (Booking history; Usage data; Tracking tools):
Permissions: Email; Device Information; Tracking Tool
Booking.com
GetYourGuide
Viator
FerriesLines
Omio
Contacting and sending messages via form
Integration of Form Contact7
Personal data: name, email
Payment management
PayPal
Personal Data: Tracking tool and as specified by the service’s privacy policy.
Advertising banners
Google Adsense
Personal Data: Usage Data; Tracking Tool
Google Maps widget
Personal data collected: Cookies and Usage data.
YouTube Video Widget
Personal data collected: Cookies and Usage data.
Spam protection
Google reCAPTCHA (Google LLC)
The different methods we use to collect data from the user are listed below.
Direct interaction. The user decides to provide us with identification, contact and financial data by filling in a form or by communicating this data by post, telephone, e-mail or via chat or social media.
This includes personal data communicated by users when they:
- subscribe to the newsletter;
- submit requests for information;
- create an account on our site;
- order our services;
- contact us on social media;
- post a comment or review about our products or services.
When you interact with us, including through the blualghero-sardinia site, we may collect Technical Data about your devices and browsing actions and patterns. We may also collect Tracking Data when you consult our site or when you click on one of our advertisements (including those posted on third party sites).
Third Parties or Public Domain Sources. We may receive Personal Data about you from various categories of third parties, including:
- technical and/or tracking data from analytics service providers, advertising networks and research service providers;
- contact, financial and transaction data from payment service providers and fraud prevention services;
- identification and contact data from partners with whom we share data; and
- data from any third party who has been authorised by regulation or by you to share that user’s personal data with us, for example through social media or review sites.
Use of your personal data
We use personal data within the limits provided by law. In general we use personal data in the following circumstances.
If we have to perform a contract that is being concluded or has already been concluded with you. For example, a contract consisting of the purchase of a service by the user.
If it is necessary to pursue our legitimate interests (or those of third parties) as long as the interests and fundamental rights of the user do not prevail over them. For example, during anti-fraud checks during the payment procedure.
If we have to comply with obligations imposed by laws or regulations. For example, for the storage of sales documentation for tax reasons.
In general, the legal basis on which we process your personal data does not include your consent unless expressly required by law, e.g. for sending certain direct marketing communications. Where the legal basis is based on consent, you have the right to withdraw your consent at any time.
For further information please compare the legal basis on which we base our processing of personal data with the legal basis on which we process personal data.
Advertising, Marketing And User Preferences In Communications
We may use Identifying, Contact, Technical, Tracking, Usage and Profiling Data to give us an idea of what you might want or need, or what might interest you. It is in this way that we decide which products, services and offers are relevant to the user and, accordingly, provide the user with the relevant communications. This is known as direct marketing.
We may use direct marketing strategies via e-mail. For example, the user may either receive an email via his or her mailbox
You can change your mind at any time and decide to unsubscribe. The easiest way to unsubscribe is via the unsubscribe link at the bottom of our communications.
We use Tracking Data to provide you with relevant online advertisements, including via websites and social media.
Tracking Data, and in particular cookies, help us deliver advertisements on sites and social media that we believe are most relevant to you. The cookies used for this purpose are often installed on our site by specialist companies.
Cookies also alert us to whether you have viewed a particular advertisement, as well as how long it has been since you last viewed it. Cookies also help us to understand whether you have opened one of our commercial e-mails, so that we can avoid sending you content that is trashed.
For more information on Tracking Data, particularly cookies, please see the Cookies section below.
Virtually all advertising-related cookies come from the online advertising networks of third parties. For more information on how to decide which advertisements to display online, compare the Unsubscribe section below.
Disclosure of Personal Data
Your personal data may be shared with the entities listed below for the purposes set out in this privacy policy. We may also share your personal data where required by law.
We share data with third parties who are in the advertising, retargeting and analytics business. For more information about these third parties, please see the Cookie section above, including the list of cookies.
We also reserve the right to share personal information with third parties to whom we may decide to sell or transfer part of our business or assets or merge with them. Or, we may acquire other companies or merge with them. If there is a change in our business, the new owners may use your personal data according to the same rules as set out in this privacy policy.
Payment Information
blualghero-sardinia uses the external payment processing company PayPal to process payments made for the purchase of our products and services through the Site. All online payments will be made in accordance with data security standards and the user’s billing information (used exclusively by the payment processing companies for fraud prevention) is encrypted before being communicated. The user’s credit card details are communicated directly from the browser to the payment processing companies: blualghero-sardinia does not have access to the user’s Primary Account Number (PAN). This means that the payment form is located outside the site or is displayed in a frame on the payment page.
For PayPal, we only store the tokens required to identify the transaction with PayPal itself, issue a refund, and identify transactions made through PayPal.
Data Security
We have security measures in place to prevent the accidental loss of your personal data, as well as its use or access by unauthorised parties, as well as its alteration or disclosure.
Third Party Links
This site may include links to third-party sites, as well as plug-ins and applications from third parties (this is the case, for example, when you register via Facebook). By clicking on or linking to such links, you agree that third parties may collect or share data about you. Third party sites are not controlled by us and blualghero-sardinia is not responsible for their privacy policies. If you leave our site, you are responsible for reading the privacy policy of any other site you visit.
Data Retention
We will only retain your personal data for as long as is necessary to fulfill the purposes for which the data was collected, including purposes related to fulfilling any legal, accounting or reporting obligations.
In certain circumstances, you may ask us to delete data about you; please see the section on your statutory rights below for more information.
Rights guaranteed by law
If you reside in a European Union country, you are entitled to the following rights guaranteed by the law of privacy protection with regard to your personal data.
- Right of information – we have an obligation to inform you about the use of your personal data by us (an obligation that we fulfil under this privacy policy);
- Right of access – the right to submit a ‘data subject access request’ to obtain a copy of the personal data of the data subject stored;
- Right of rectification – the right to demand the correction of personal data if it is incomplete or incorrect;
- Right to erasure – also known as the ‘right to be forgotten’ when, in certain circumstances, a data subject may request that personal data concerning him or her be erased (provided that there is no rule requiring that personal data be retained and that the request is overridden);
- Right to restriction of processing – right to request, in certain circumstances, the suspension of the processing of personal data;
- Right to portability – right to request a copy of your personal data in a commonly used format (e.g. a .csv file);
- Right to object – the right to object to the processing of your personal data (for example, if you do not consent to the processing of your data for direct marketing purposes); and
- Rights related to automated decisions and profiling – the right to demand transparency for any profiling we perform, or for any decision made by an automated process.
These rights are subject to certain rules that determine their exercise. For more information, you can consult the Guide to the Application of the European Data Protection Regulation.
Changes Relating To This Privacy Policy
We reserve the right to make changes to this Privacy Policy.
Data controller: Lucia Pisanu – info@blualghero-sardinia.com